Configure security settings
Protect your account with Two-Factor Authentication, SSO, and IP Allowlisting.
To better protect your information, FastSpring has incorporated multiple safeguards within the FastSpring app to secure accounts and associated personal or business data.
Company Administrators can configure these security settings, including Two-Factor Authentication (2FA) and Single Sign-On (SSO), for all users.
The sections below explain how to manage login behavior, configure 2FA and SSO, and restrict access via IP allowlists.
Access the app and handle lockouts
When logging in to the FastSpring app, you have the option to use your password or Single Sign-On (if enabled).
- Multi-Company Access: If your email is associated with multiple FastSpring stores, you can switch between companies using the Company ID dropdown at the top right without logging out.
- Account Lockout Policy: To protect against brute-force attacks, the dashboard monitors failed login attempts.
  - 3 Failures: The user receives a warning.
  - 6 Failures: The account is locked.
  - Resolution: If a user is locked out, they can use the Forgot Password link to reset their credentials and unlock the account. Alternatively, a FastSpring Admin can unlock the account after verifying the user's identity.
Configure two-factor authentication (2FA)
FastSpring’s Two-Factor Authentication (2FA) adds an extra layer of security by requiring a time-based code from an authenticator app. These settings do not apply to users who sign in using Social Login (Google) or Enterprise SSO (Okta), as their security is managed by the identity provider.
Enable 2FA for your store
Follow these steps to enforce 2FA for all users logging in directly to your store.
- In the FastSpring app, click the dropdown with your store name (top-right) and select Security Settings.
- Go to the 2-Step Verification section.
- Select Required: Users will be required to sign-in with 2-Step Verification.
- Click Save.
User setup flow
Once enabled, users will be prompted to set up 2FA the next time they log in.
- Install an authenticator app (e.g., Google Authenticator, Authy, Microsoft Authenticator) on a smartphone or tablet.
- Open the app and scan the QR code displayed on the FastSpring login screen.
- Enter the 6-digit time-based code (TOTP) generated by the app into FastSpring to complete verification.
On future logins, users will enter their email/password followed by the 6-digit code from their authenticator app.
Do I need a smartphone to enable 2FA?
No. You just need a device that can run an authenticator app. This could be a smartphone, tablet, or a desktop application that supports TOTP (e.g., Authy, 1Password).
Can I use multiple devices for 2FA?
Yes. Some authenticator apps allow syncing across multiple devices. If your app supports cloud sync (like Authy), you can access your 2FA codes from your phone, tablet, and desktop simultaneously.
Configure single sign-on (SSO)
You can enable Single Sign-On to allow users to access FastSpring using their existing credentials. We currently support Google (Social) and Okta (Enterprise OIDC).
Enable this setting to allow users to sign in using their Google credentials.
- In the FastSpring app, click the dropdown with your store name (top-right) and select Security Settings.
- Locate the Single Sign-on (SSO) - Social section.
- Select your preferred setting:
  - Optional: Users can choose to sign in using their Google credentials (if applicable).
  - Required: Users must sign in using their Google credentials. To enable this option, please contact FastSpring Support.
  - Disabled: Users will not be able to sign in using Google credentials.
- Click Save.
Configure IP allowlist
For maximum security, you can restrict access to your FastSpring account to specific IP addresses.
- In the FastSpring app, click the dropdown with your store name (top-right) and select Security Settings.
- Scroll to the IP allowlist section.
- Enter the allowed IP addresses in the format 127.0.0.1/32.
- Click Add IP.
- (Optional) Toggle IP binding for Dashboard to associate users with the IP address they signed in from. If the IP changes during a session, the user is signed out.
Warning: Ensure IP addresses are entered correctly. If you misconfigure this setting, you may lock yourself out of the account and will need to contact FastSpring Support to restore access.
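A pre-flight check for the lockout risk described in the warning, as an added example that is not part of FastSpring's tooling: it validates proposed entries in the CIDR format shown above and confirms that every address administrators sign in from is still covered before the list is saved. The function name, the sample addresses (documentation ranges) and the `/24` breadth threshold are assumptions; the page does not say whether the field accepts ranges wider than `/32`.

```python
import ipaddress

# Constructed sample data using documentation address ranges.
PROPOSED = ["203.0.113.10/32", "198.51.100.0/24",
            "203.0.113.77/24", "10.0.0.0/8", "192.0.2.4"]
ADMIN_IPS = ["203.0.113.10", "198.51.100.25", "203.0.113.77"]


def review_allowlist(entries, must_reach, min_prefix=24):
    """Return (networks, problems) for a proposed allowlist.

    entries    -- strings as they would be typed into the allowlist field
    must_reach -- addresses admins actually sign in from (office, VPN egress)
    min_prefix -- assumption: flag IPv4 ranges wider than this as too broad
    """
    networks, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects entries with host bits set (203.0.113.77/24)
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append(f"{text!r}: not a valid CIDR entry ({exc})")
            continue
        if "/" not in text:
            problems.append(f"{text!r}: no prefix length; write {net.with_prefixlen}")
        if net.version == 4 and net.prefixlen < min_prefix:
            problems.append(f"{text!r}: covers {net.num_addresses} addresses, "
                            f"wider than /{min_prefix}")
        networks.append(net)
    # The lockout check: every admin address must fall inside a valid entry.
    for addr in must_reach:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in networks):
            problems.append(f"{addr}: admin address not covered; "
                            "saving this list would lock it out")
    return networks, problems


if __name__ == "__main__":
    _, found = review_allowlist(PROPOSED, ADMIN_IPS)
    for line in found:
        print(line)
```

The mistyped `203.0.113.77/24` is the instructive case: it is rejected as an entry, and because nothing else covers `203.0.113.77`, the administrator at that address is reported as about to be locked out.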
Manage passwords
Users can manage their credentials directly through the login page or within the FastSpring app settings.
Reset a forgotten password
If a user cannot log in, they can request a reset link:
- Navigate to the FastSpring login page.
- Click Forgot your Password? above the password field.
- Enter the email address associated with the account to receive a reset link.
Change password while logged in
Users can update their password at any time from their profile:
- Click your username in the top-right corner and select Profile.
- On the Your Profile page, locate the Security section and click Change.
- Enter the current password to verify identity, then enter the new password.
- Click Save Password.